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What is claimed is: 

1 LA communication network, comprising: 

2 (A) local communication links, 

3 (B) a plurality of separately located central office switching systems 

4 interconnected via trunk circuits for selectively providing switched call 

5 connections between at least two of the local communication links, 

6 (C) a signaling communication system including at least one signaling network 
y? element, said signaling communication system configured to provide 
0| two-way communications of control data messages between and among 
S§ said cental office switching systems and said signaling network element, 
Yb said signaling communication system interconnecting the central office 
Wl switching systems and said signaling network element; 

¥l (D) a signaling gateway, separate from the central office switching systems and 

T3 connected to said signaling communications system, said signaling 

14 gateway including an interface connected to a remote communications 

1 5 network and configured to exchange said control data messages between 

1 6 said remote communication network and said signaling communication 

1 7 system, and 

18 (E) a signaling system security monitor, separate from the central office 

1 9 switching systems, said signaling system security monitor configured to 

20 determine if said control data messages are contextually proper. 
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1 2. The communications network according to claim 1 wherein said signaling system 

2 security monitor is configured to evaluate said control data messages to determine an 

3 effect of said control messages if acted upon by one of (i) said central office switching 

4 systems and (ii) said network element and, in response, determine if said control data 

5 messages are proper. 

1 3. The communications network according to claim 1 wherein said signaling system 

2 security monitor is further configured to correlate messages associated with a call or 

3 transaction to ensure that a proper relationship exists between parameter values in the 

4 correlated messages. 

1 4. The communications network according to claim 1 wherein said control data messages 
comprise ISUP messages. 

1 5. The communications network according to claim 1 wherein said signaling system 

2 security monitor is configured to selectively communicate said ISUP messages between 

3 said signaling gateway and one of said central office switching systems in response to a 

4 determination that said ISUP messages are proper. 

1 6. The communications network according to claim 1 wherein said signaling network 

2 element comprises a service control point (SCP) wherein said signaling system security 
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3 monitor is configured to evaluate said control data messages sent to and received from 

4 said SCP, and correlate said messages to determine that said messages are proper and to 

5 ensure that a proper relationship exists between said messages and between parameter 

6 values of said messages. 

1 7. The communications network according to claim 1 wherein said control data messages 

2 comprise TCAP messages. 

M 8. The communications network according to claim 1 wherein said signaling system 

1^2 security monitor is configured to maintain records of the contexts of existing calls and 

fy3 transactions, and evaluate whether monitored messages are appropriate to those contexts. 

=1 9. A communication network, comprising: 

£72 (A) local communication links, 

3 (B) a plurality of separately located central office switching systems 

4 interconnected via trunk circuits for selectively providing switched call 

5 connections between at least two of the local communication links in 

6 response to predetermined control data messages, 

7 (C) a signaling communication system for two-way communications of said 

8 control data messages between said cental office switching systems, said 

9 signaling communication system interconnecting the central office 
10 switching systems; 
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1 1 (D) a signaling gateway, separate from the central office switching systems and 

12 connected to said signaling communications system, said signaling 

13 gateway including an interface connected to a remote communications 

14 network and configured to exchange said control data messages between 

1 5 said remote communication network and said signaling communication 

16 system, and 

17 (E) a signaling system security monitor, separate from the central office 
|f switching systems, said signaling system security monitor configured to 
W determine if said control data messages are contextually proper. 

isl 10. The communications network according to claim 9 wherein said signaling system 

Q> security monitor is configured to evaluate said control data messages and correlate said 

M5 messages to determine that said messages are proper and to ensure that a proper 

Hi relationship exists between said messages and between parameter values of said 

5 messages. 

1 11. The communications network according to claim 9 wherein said signaling system 

2 security monitor is further configured to correlate messages associated with a call or 

3 transaction to ensure that a proper relationship exists between parameter values in the 

4 correlated messages. 
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1 12. The communications network according to claim 10 wherein said control data 
messages comprise ISUP messages. 

1 13. The communications network according to claim 12 wherein said signaling system 

2 security monitor is configured to selectively communicate said ISUP messages between 

3 said signaling gateway and one of said central office switching systems in response to a 

4 determination that said ISUP messages are proper. 

1 14. The communications network according to claim 10 further comprising a service 

2 control point (SCP) wherein said signaling system security monitor is configured to 

3 evaluate said control data messages sent to and received from said SCP, and correlate 

4 said messages to determine that said messages are proper and to ensure that a proper 

5 relationship exists between said messages and between parameter values of said 

6 messages. 

1 15. The communications network according to claim 10 wherein said control data 

2 messages comprise TCAP messages. 

1 16. The communications network according to claim 15 further comprising a service 

2 control point (SCP) wherein said signaling system security monitor is configured to 

3 selectively communicate said TCAP messages between said signaling gateway and SCP 

4 in response to a determination that said TCAP messages are proper. 
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1 17. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to maintain records of the contexts of existing calls and 

3 transactions, and evaluate whether monitored messages are appropriate to those contexts. 

1 18. The communications network according to claim 9 wherein said signaling system 

£2 security monitor is configured to selectively enable and inhibit said signaling gateway 
from exchanging said control data messages between said remote communication 

[~£ network and said signaling communication system. 

Ol 19. The communications network according to claim 9 wherein said signaling 

hf2 communication system includes a service control point (SCP) and said signaling system 

£~3 security monitor includes a memory storing states of said central office switching 

4 systems and said SCP, said processor additionally responsive to said states for 

5 determining if said control messages are proper. 

1 20. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to selectively modify said control messages in response 

3 to a determination of the propriety of said control messages. 



1 



21 . The communications network according to claim 9 wherein said signaling gateway 
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2 includes a signaling protocol converter. 

1 22 . The communications network according to claim 2 1 wherein said signaling protocol 

2 converter is configured to convert SS7 type messages to another packet data format. 

1 23. The communications network according to claim 22 wherein the other packet data 

2 format is an Internet Protocol (EP) format. 

Nil 24. The communications network according to claim 21 wherein said signaling system 

H;2 security monitor is configured to monitor information contained in an MTP Layer 3 

2=^3 portion of said control data messages. 

Ol 25. The communications network according to claim 24 wherein said information 

H2 contained in said MTP Layer 3 portion of said control data messages includes (i) a 

3 destination point code, (ii) an originating point code, and (iii) a service indicator. 

1 26. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to monitor at least one of SCCP, ISUP, TCAP, and AIN 

3 messages. 

1 27. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to monitor a plurality of message types selected from 
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3 SCCP, ISUP, TCAP, and AIN type messages. 

1 28. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to monitor calling and called party address parameters 

3 contained in SCCP message portions of said control data messages. 

1 29. The communications network according to claim 28 wherein said signaling system 

{2 security monitor is configured to determine if said monitored calling and called party 

address parameters are consistent with an authorized signaling relationship. 

ry. 30. The communications network according to claim 9 wherein said signaling system 

Q> security monitor is configured to monitor calling and called party address parameters 

hj contained in an SCCP message portion of said control data messages. 

1 31. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to monitor origination and destination point codes 

3 contained in the MTP header of the control data messages and calling and called party 

4 address parameters contained in the SCCP message portion of said control data messages. 

1 32. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to monitor origination and destination point code 

3 parameters contained in the MTP header of said control data messages and determine if 
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4 a particular destination point code is authorized to send a particular message to a 

5 particular destination point code. 

1 33. The communications network according to claim 9 wherein said signaling system 

2 security monitor includes a memory storing a state of said communications network. 

1 34. The communication network according to claim 9 wherein said signaling system 

q£ security monitor includes a memory storing permissible states of said communications 

SB network and rules for transitioning from each of said permissible states to others of said 

fjl permissible states. 

fj 35. The communications network according to claim 9 wherein said signaling system 

Cp security monitor includes a memory storing data relating call progress status with 

j~$ respective sets of control messages appropriate to initiate a next action consistent with 

4 a particular service. 

1 36. The communications network according to claim 9 wherein said signaling system 

2 security monitor includes a memory storing data relating transaction status with 

3 respective sets of control messages appropriate to initiate a next action consistent with 

4 a particular service. 

1 37. The communications network according to claim 9 wherein said signaling system 
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2 security monitor includes a memory storing a plurality of message templates. 

1 38. The communications network according to claim 27 wherein said plurality of 

2 message templates are associated with a plurality of service providers. 

1 39. The communications network according to claim 38 wherein said signaling system 

2 security monitor associates each of said control data messages with a corresponding one 
A of said service providers and selects one of said message templates in response to the 
'-4k corresponding one of said service providers. 

l X, 40. The communications network according to claim 9 wherein said signaling system 

|h security monitor includes a memory storing sets of templates, each of said sets 

as : 

ffi corresponding to control messages appropriate to a particular call progress flow or 

p-^ transaction. 

1 41 . The communications network according to claim 40 wherein said templates define 

2 message formats, parameters and values associated with control message types selected 

3 from SCCP, ISUP, TCAP and AIN type messages. 

1 42. The communications network according to claim 40 wherein said signaling system 

2 security monitor is configured to select said sets of templates in response to service 

3 provider authorization data associated with respective ones of said control data messages. 
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1 43. The communications network according to claim 9 wherein said signaling system 

2 security monitor comprises a certification agent configured to exchange and maintain 

3 encryption key certificates. 

1 44. The communications network according to claim 9 wherein said signaling system 

2 security monitor is configured to issue and decrypt digital time stamps. 

1 45. The communications network according to claim 9 wherein said signaling system 

2 security monitor comprises a digital certificate issuing authority. 

1 46. The communications network according to claim 9 wherein said signaling system 

2 security monitor includes data encryption and decryption facilities. 

1 47. A method of securely interfacing control links of respective communication 

2 networks, comprising the steps of: 

3 exchanging control data messages between a remote communication network and 

4 a local signaling communication system; 

5 interpreting said control data messages to determine whether it is appropriate with 

6 respect to a destination point code of said control data message and, in response, 

7 determining if said control data messages are proper; 

8 selectively communicating control data messages between cental office switching 
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9 systems; and 

1 0 selectively providing switched call connections between at least two of the local 

1 1 communication links in response to predetermined control data messages. 

1 48. The method according to claim 47 wherein said step of interpreting include steps of 

2 maintaining records of the contexts of existing calls and transactions, and evaluating 

3 whether monitored messages are appropriate to those contexts. 

M 49. The method according to claim 47 wherein said signaling system wherein said step 

H> of selectively communicating control data messages includes selectively enabling and 

^3 inhibiting said signaling gateway from exchanging said control data messages between 

said remote communication network and said signaling communication system. 

H 50. The method according to claim 47 further including a step of storing states of 

2 respective ones of said central office switching systems, wherein said interpreting step 

3 is additionally responsive to said states for determining if said control messages are 

4 proper. 

1 51. The method according to claim 47 further comprising a step of selectively modifying 

2 said control messages in response to a determination of an impropriety of said control 

3 messages. 
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1 52. The method according to claim 47 further comprising a step of converting a protocol 

2 of said control data messages between a protocol of said remote communication network 

3 and a protocol of said local signaling communication system. 

1 53. The method according to claim 52 wherein one of said protocols is an SS7 compliant 

2 message protocol. 

q1 54. The method according to claim 52 wherein one of said protocols is an Internet 

%2 Protocol (IP) format. 

yfl 55. The method according to claim 52 wherein said signaling system security monitor 

o2 is configured to monitor information contained in an MTP Layer 3 portion of said control 

C3 data messages. 

1 56. The method according to claim 55 wherein said information contained in said MTP 

2 Layer 3 portion of said control data messages includes (i) a destination point code, (ii) 

3 an originating point code, and (iii) a service indicator. 

1 57. The method according to claim 47 wherein said interpreting step includes monitoring 

2 of at least one of SCCP, ISUP, TCAP, and AIN messages. 

1 58. The method according to claim 47 wherein said interpreting step includes monitoring 
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of a plurality of message types selected from SCCP, ISUP, TCAP, and AIN type 
messages. 

59. The method according to claim 47 wherein said interpreting step includes monitoring 
of calling and called party address parameters contained in SCCP message portions of 
said control data messages. 

60. The method according to claim 47 wherein said interpreting step includes 
determining if said monitor calling and called party address parameters are consistent 
with an authorized signaling relationship. 

6 1 . The method according to claim 47 wherein said interpreting step includes monitoring 
calling and called party address parameters contained in an SCCP message portion of 
said control data messages. 

62. The method according to claim 47 wherein said interpreting step includes monitoring 
origination and destination point codes contained in the MTP header of the control data 
message and calling and called party address parameters contained in the SCCP message 
portion of said control data messages. 

63. The method according to claim 47 wherein said interpreting step includes monitoring 
origination and destination point codes parameters contained in the MTP header of said 
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3 control data messages and determining if a particular destination point code is authorized 

4 to send a particular message to a particular destination point code. 

1 64. The method according to claim 47 further comprising a step of storing a state of said 

2 communications network. 

1 65 . The method according to claim 47 further comprising a step of storing (i) permissible 

2 states of said communications network and (ii) rules for transitioning from each of said 

3 permissible states to others of said permissible states. 

1 66. The method according to claim 47 further comprising a step of storing data relating 

2 call progress status with respective sets of control messages appropriate to initiate a next 

3 action consistent with a particular service. 

1 67. The method according to claim 47 further comprising a step of storing data relating 

2 transaction status with respective sets of control messages appropriate to initiate a next 

3 action consistent with a particular service. 

1 68. The method according to claim 47 further comprising a step of storing a plurality of 

2 message templates. 

1 69. The method according to claim 68 wherein said plurality of message templates are 
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2 associated with a plurality of service providers. 

1 70. The method according to claim 69 further comprising steps of: 

2 associating each of said control data messages with a corresponding one of said service 

3 providers; and 

4 selecting one of said message templates in response to the corresponding one of said 

5 service providers. 

1 71. The method according to claim 47 further comprising a step of storing sets of 

2 templates, each of said sets corresponding to control messages appropriate to particular 

3 call progress flow. 

1 72. The method according to claim 71 wherein said templates define message formats, 

2 parameters and values associated with control message types selected from SCCP, ISUP, 

3 TCAP and AIN type messages. 

1 73. The method according to claim 71 further comprising a step of selecting said sets of 

2 templates in response to service provider authorization data associated with respective 

3 ones of said control data messages. 

1 74. The method according to claim 47 further comprising steps of exchanging and 

2 maintaining encryption key certificates. 
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1 75. The method according to claim 47 further comprising steps of issuing and 

2 decrypting digital time stamps. 

1 76. The method according to claim 47 further comprising a step of issuing a digital 

2 certificate. 



622599.2 



67 



